Name: IoT RCE, a Study With Disney
Start: 2018-10-05T15:00:00+0200
End: 2018-10-05T16:00:00+0200

Back To Schedule

IoT RCE, a Study With Disney

Feedback form is now closed.

As desktop and server security keeps raising the baseline for successful exploitation,IOT devices are still stuck in the 1990's, despite their ubiquity in every home network. This, coupled with the ability to access them from anywhere is creating a time-bomb situation in which millions of households are left vulnerable, regardless of any network security posture.

These topics will be examined using the "Circle with Disney" and Foscam devices as case studies. During the course of the vulnerability testing of these devices, over 50 CVEs were discovered, out of which, discussion will focus on the more novel attack techniques seen within the Disney Circle, including:
- SSL certificate Attribute validation bypasses
- SSID Broadcasting injection
- Use-Between-Realloc Memory Corruption.
- Cloud Routing Abuse

Finally, there will be discussion IOT device's use of traditionally offensive tools (arp-poisoning, backdoors, and beaconing) for central functionality.

Speakers

Lilith Wyatt

Lilith is a Research Engineer with the Talos Security Intelligence and Research Group at Cisco. She's done open source and closed source research on a variety of products, resulting in CVEs on products from vendors including Vmware and Zabbix, and has also done internal research on... Read More →

Friday October 5, 2018 15:00 - 16:00 CEST
01. Westvleteren University

Talk

Attendees (68)

C
C
s
t
J
A
Z
N
View All →

BruCON 0x0A

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

Lilith Wyatt

Attendees (68)